Mobile Forensics Cookbook

Mobile Forensics Cookbook: Data acquisition, extraction, recovery techniques, and investigations using modern forensic tools

By Igor Mikhaylov

Product Details


Publication date : Dec 15, 2017
Length 302 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781785282058

Mobile Forensics Cookbook

Chapter 1. SIM Card Acquisition and Analysis

In this chapter, we'll cover the following recipes:

  • SIM card acquisition and analysis with TULP2G
  • SIM card acquisition and analysis with MOBILedit Forensics
  • SIM card acquisition and analysis with SIMCon
  • SIM card acquisition and analysis with Oxygen Forensic

Introduction


The main function of a SIM card is the identification of a user of a cellular phone on the network so that they can get access to its services.

The following types of data, which are valuable for an expert or investigator, can be found in the SIM card:

  • Information related to the services provided by the mobile operator
  • Phonebook and information about calls
  • Information about messages exchanged
  • Location information

Initially, SIM cards were almost the only source of data about the contacts of the mobile device owner, as the phonebook, calls, and messages could be found only in their memory. Later, the storage of these data was relocated to the mobile device's memory, and SIM cards began to be used only to identify subscribers in cellular networks. This is why some developers of forensic tools for the examination of mobile devices decided not to include a SIM card examination function in their products. However, today there are a lot of cheap phones (often called "Chinese phones") with limited memory capacity. In these phones, part of the phone owner's data is stored on the SIM card. This is why the forensic examination of SIM cards remains relevant.

A SIM card is a regular smart card. It contains the following main components:

  • Processor
  • RAM
  • ROM
  • EEPROM
  • A file system
  • I/O controller

In practice, we come across two kinds of SIM cards: with six and with eight contacts on the contact pads. This is because two of the contacts do not interact directly with the phone (smartphone), and their absence decreases the area occupied by the SIM card when it is placed in the mobile device.

SIM cards can use three types of supply voltage (VCC): 5 V, 3.3 V, and 1.8 V. Each card has a particular supply voltage.

SIM cards have overvoltage protection. This is why, when a SIM card with a 3.3 V supply voltage is placed in a card reader that can operate only with a 5 V supply voltage (old models), neither the information nor the SIM card is damaged, but it will be impossible to work with this SIM card in that reader. As a result, an expert may think that the SIM card is faulty. However, this is not so.

Forensic examination of a SIM card before data extraction from the mobile device in which it is installed is unreasonable: user data stored in the memory of the mobile device can be reset or deleted when the SIM card is removed.

For analysis, a SIM card has to be removed from the mobile device and connected to the expert's computer via a specific device: a card reader.

Based on the previously mentioned information about SIM cards, we can figure out the main requirements for a card reader device with which it will be comfortable for an expert to examine SIM cards:

  • The card reader device has to support smart cards with a supply voltage of 5 V, 3.3 V, and 1.8 V.
  • The card reader device has to support smart cards with six and eight contacts on the contact pads.
  • The card reader device has to support the Microsoft PC/SC protocol. Drivers for this kind of device are pre-installed on all versions of the Windows operating system, so there is no need to install additional drivers to connect such devices to the expert's computer.

The following image shows an example of such a card reader:

A SIM card reader produced by the «ASR» company, model «ACR38T».

Although there are card reader devices designed specifically for reading data from SIM cards, card readers designed for standard-size cards (the size of a bank card) can also be used. To work comfortably with these devices, a blank card to which the SIM card is attached with small pieces of tape is used.

This is how a SIM card attached to a bank card looks.

SIM card acquisition and analysis with TULP2G


TULP2G is a free tool developed by the Netherlands Forensic Institute for the forensic examination of SIM cards and cellular phones. Unfortunately, this program has not been updated for a long time. However, it can still be used for data acquisition and analysis of very old cellular phones and SIM cards.

Getting ready

On the TULP2G download page (https://sourceforge.net/projects/tulp2g/files/), select the TULP2G-installer-1.4.0.4.msi file and download it. At the time of writing, the most up-to-date version is 1.4.0.4. When the download is finished, double-click on this file to start the installation of the program.

Note

If TULP2G is installed on the Windows XP operating system, you need to install Microsoft .NET Framework 2.0 and Windows Installer 3.1 before installing TULP2G. Both can be downloaded from the Microsoft Corporation website.

How to do it...

  1. When the program is launched, click on the Open Profile... button:

The main window of the TULP2G program

  2. In the window that opens, you will find profiles, one of which has to be loaded into the program. Select the TULP2G.Profile.SIM-Investigation profile, and then click on Open.

Data extraction profiles of TULP2G

  3. In the Case/Investigation Settings window, fill in the Case Name, Investigator Name, and Investigation Name fields. This information will be used later when TULP2G prepares the report.

The Case/Investigation Settings window

  4. In the next window, TULP2G - SIM card, set the Communication Plug-in field to PC/SC chip card communication [1.4.0.3] and the Protocol Plug-in field to SIM/USIM chip card data extraction [1.4.0.7]. If the examined SIM card has a PIN or PUK code, enter it by clicking on the Configure button, which is located next to the Protocol Plug-in field.

Window TULP2G - SIM card.

Note

Reading data from the examined SIM card will not be possible if the PIN or PUK code is not entered.

  5. Click on the Run button. The process of data extraction from the SIM card will begin. The progress of the extraction can be seen in the progress bar.

The progress bar.

  6. When the data has been extracted from the SIM card, you can conduct a new extraction or generate a report about the extraction that has been performed. To generate the report, go to the Report tab. In the Report Name field, enter the name of the report; in the Export Plug-in and Selected Conversion Plug-in(s) fields, select the plugins that will be used for report generation. In the Selected Investigation(s) field, select those extractions for which you want to generate the report, and then click on Run.

The options window for the report generation

  7. When the report generation process is finished, there will be two files, in HTML and XML formats. The HTML file can be opened with any web browser.

A fragment of the report

These files contain the information (a phonebook, text messages, calls, and so on) that was extracted from the examined SIM card. It can be viewed and analyzed.

How it works...

TULP2G extracts data from the SIM card installed in the card reader connected to the expert's computer and generates a report. During the verification process, the MD5 and SHA1 hashes of the image and of the source are compared.

See also

SIM card acquisition and analysis with MOBILedit Forensics


MOBILedit Forensic is commercial forensic software by the company Compelson. It is updated regularly. This program can extract data from phones, smartphones, and SIM cards. As the program's developers state, MOBILedit Forensic allows you to extract data from a phone or SIM card with a minimum number of steps. This program also has a unique function on which we will focus in another chapter.

Getting ready

On the MOBILedit download page (http://www.mobiledit.com/download-list/mobiledit-forensic), click on DOWNLOAD. When the download is finished, double-click on the downloaded file and install the program. After the first run of the program, you need to enter the license key. If the license key is not entered, the program will work in trial mode for 7 days.

How to do it...

There are two ways of extracting data from SIM cards with MOBILedit Forensic:

  1. Extracting data through the wizard
  2. Extracting data through the main window of the MOBILedit Forensic program

In this book, we will focus on data extraction from a SIM card via the main window of the MOBILedit Forensic program.

When you run the program, the information about the connected card reader will appear in the upper left corner of the main window of the MOBILedit Forensic program.

A fragment of the main window

If you click on Connect, the MOBILedit Forensic Wizard will start, through which you can extract data from mobile devices and SIM cards. Let's now see how to extract the data:

  1. Click on the image of the card reader. The Answer To Reset (ATR) and ICCID of the SIM card will be displayed. If this SIM card is locked, you will be asked to enter the PIN or PUK code.

Fragment of the main window with information about the SIM card

  2. After entering the PIN or PUK code, the SIM card will be unlocked and the Report Wizard option will appear in the main window. The fact that the examined SIM card was unlocked is indicated by the displayed International Mobile Subscriber Identity (IMSI), access to which is possible only after entering the correct PIN code.

A fragment of the main window with information about the SIM card

  3. Click on the Report Wizard; it will open the MOBILedit Forensic Wizard window, which will extract data from the SIM card and generate a report.
  4. Fill in the Device Label, Device Name, Device Evidence Number, Owner Phone Number, Owner Name, and Phone Notes fields. Then click on the Next button.

Window MOBILedit Forensic Wizard

  5. The data will be extracted. The extraction status will be displayed in the MOBILedit Forensic Wizard window.
  6. When the extraction is finished, click on the Next button. After that, MOBILedit Forensic Wizard will display the following window:

The MOBILedit Forensic Wizard window

  7. Click on New Case. In the window that opens, fill in the Label, Number, Name, E-mail, Phone Number, and Notes fields, and then click on the Next button.

The MOBILedit Forensic Wizard window

  8. In the next window of MOBILedit Forensic Wizard, select the format in which the report will be generated and click on the Finish button.

Final window of MOBILedit Forensic Wizard

A forensic report about the extraction will be generated in the selected format.

How it works...

MOBILedit Forensic extracts data from the SIM card installed in the card reader connected to the expert's computer and generates the report in a minimum number of steps. This is useful if there are a lot of mobile devices or SIM cards to be investigated, as it speeds up data extraction.

See also

SIM card acquisition and analysis with SIMCon


SIMCon is one of the best utilities for forensic analysis of SIM cards. It had a low price, and for government organizations, the military, and the police it was provided free of charge. Besides its impressive functionality, SIMCon can extract PIN-protected data, for example the phonebook, from some SIM cards.

Despite the fact that the SIMCon project was closed several years ago, the program did not disappear. A new, updated version of this program is called Sim Card Seizure; the distribution rights belong to the company Paraben. The functionality of SIMCon is also implemented in another product from Paraben, E3: Electronic Evidence Examiner.

Getting ready

The SIMCon project no longer has its own address on the internet. However, the installation software can be found via search engines. You can also download a trial version of Sim Card Seizure from Paraben's website. The limitation of the trial version of Sim Card Seizure is that only the first 20 records of the phonebook, calls, and messages are displayed.

How to do it...

  1. Double-click on the program icon and connect the card reader with the SIM card. The program will open the Enter PIN information window, as shown in the following screenshot:
  2. In this case, there is no need to enter the PIN code. Click on the OK button to start the data extraction process. The status of the extraction process will be shown in the Reading SIM... window:

  3. If the data is successfully extracted, you will be asked to fill in the Investigator:, Date / Time:, Case:, Evidence Number:, and Notes: fields in the Acquisition Notes window. After filling in the fields, click on the OK button:

  4. Unlike TULP2G and MOBILedit Forensic, SIMCon allows you not only to extract data and generate a report but also to view the extracted data. The following screenshot shows a fragment of the SIMCon window in which we can see SMS messages, including deleted ones, which were extracted from the SIM card:

The Acquisition Notes window

At the bottom of the SIMCon main window, there is a section that displays detailed information about the selected record:

A section of the SIMCon main window with the detailed information about the selected record

The SIMCon program allows you to view the contents of each file. The following screenshot shows the contents of the elementary file EF_ICCID:

How it works...

SIMCon extracts data from the SIM card installed in the card reader connected to the expert's computer. After this, you can generate a forensic report or analyze the extracted data in the main window of the program.

See also

SIM card acquisition and analysis with Oxygen Forensic


Oxygen Forensic is one of the best programs for mobile forensics. Besides its other functions, this program can analyze SIM cards. The program is commercial, but a 30-day full-featured trial version is available on request. When the request is accepted, you will receive an email containing a license key and instructions for downloading the installation software.

Getting ready

Download Oxygen Forensic (https://www.oxygen-forensic.com/en/) and install it, following the prompts. Go through the menu path Service | Enter Key. In the License window that opens, enter the license key and click on the Save button. Restart the program.

How to do it...

In order to examine a SIM card, you need to remove it from the mobile device and then insert it into a SIM card reader connected to the expert's computer. As mentioned earlier, Microsoft PC/SC drivers are pre-installed on Windows operating systems, meaning that there is no need to install anything else. Now let's see how to use Oxygen Forensic:

  1. In the Oxygen Forensic program, click on the Connect device button located in the toolbar. It will start Oxygen Forensic Extractor:

The main window of Oxygen Forensic Extractor

  2. In the main menu of Oxygen Forensic Extractor, click on the UICC acquisition option. The next window will prompt you to select the connected card reader, or it will display an error message:

A card reader connection error message

  3. If access to the SIM card data is limited by a PIN or PUK code, you will be prompted to enter the appropriate code. The number of remaining attempts to enter the PIN and PUK codes is displayed in the program. If there have been no previous attempts to unlock the SIM card, there should be 3 attempts to enter the PIN code and 10 attempts to enter the PUK code. After 10 failed attempts to enter the PUK code, the SIM card will be blocked forever. The PUK code can be obtained from the communication provider through an authorized person.

The SIM card data extraction window

The SIM card data extraction window displays the following:

  • Information about the card reader
  • Information about the SIM card
  • Fields for entering PIN and PUK codes

Enter the SIM card unlock code and click on the Next button.

  4. In the next window, you can specify additional information about the extraction that will be stored in the case. In this window, you can also select the options for saving the data extracted from the device:

The Stored extracted physical dump of backup in the device image... option saves the main files from the SIM card.

The Complete UICC image option saves all files from the SIM card. The SIM card file extraction process may take over 12 hours if you select this option.

The window for entering additional information about the case

  5. Click on the Next button. The process of extracting data from the investigated SIM card will start.

The following data, including deleted items, can be extracted from the SIM card:

  • General information about the SIM card
  • Contacts
  • Calls
  • Messages
  • Other information

When the data import process is finished, the final window of Oxygen Forensic Extractor, with summary information about the import, will be displayed. Click the Finish button to finish the data extraction.

The extracted data will be available for viewing and analysis.

  6. At the end of the extraction, the created case can be opened in the Oxygen Forensic program.

Summarized information about the extraction

  7. Now click on the Messages category. The section with the data extracted for this case can be viewed.

Viewing Messages section

  8. Return to the main screen of Oxygen Forensic and click on the File browser category. In the File browser section, the files extracted from the SIM card can be viewed. The contents of these files can be analyzed manually.

Viewing 2FE2 file contents

Viewing 2FE2 file contents

How it works...

Oxygen Forensic extracts data from the SIM card installed in the card reader that is connected to the expert's computer. After this, you can generate a forensic report or analyze the extracted data from the main window of this program.

There's more...

Oxygen Forensic displays file names in hex, which can be inconvenient for an expert. The following table shows the correspondence between the standard file names in hex and their contents:

File name   Description       File name   Description
3F00        MF                6F05        EF (LP)
7F10        DF (TELECOM)      6F31        EF (HPLMN)
7F20        DF (GSM)          6F41        EF (PUCT)
7F21        DF (DCS1800)      6F78        EF (ACC)
2FE2        EF (ICCID)        6FAE        EF (PHASE)
6F3A        EF (ADN)          6F07        EF (IMSI)
6F3C        EF (SMS)          6F37        EF (ACMmax)
6F40        EF (MSISDN)       6F45        EF (CBM)
6F43        EF (SMSS)         6F7B        EF (FPLMN)
6F4A        EF (EXT1)         6F52        EF (KcGPRS)
6F3B        EF (FDN)          6F20        EF (Kc)
6F3D        EF (CCP)          6F38        EF (SST)
6F42        EF (SMSP)         6F46        EF (SPN)
6F44        EF (LND)          6F7E        EF (LOCI)
6F4B        EF (EXT2)         6F53        EF (LOCIGPRS)
6F74        EF (BCCH)         6F30        EF (PLMNsel)
6FAD        EF (AD)           6F54        EF (SUME)
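As an added example (not code from the book or from any of the tools it covers), the following Python decodes the raw contents of three files from this table, EF_ICCID (2FE2), EF_IMSI (6F07) and one phonebook record of EF_ADN (6F3A), the way a manual analysis of the 2FE2 file shown earlier would proceed. The byte layouts follow the GSM 11.11 SIM specification; the sample file contents are constructed, and treating the GSM 7-bit alphabet as ASCII for names is a simplifying assumption.

```python
# Added example, not code from the book or from any of the tools it covers:
# decoding raw elementary-file contents of a GSM SIM by hex file identifier.
# Byte layouts follow the GSM SIM specification (GSM 11.11 / 3GPP TS 51.011).

def swapped_bcd(data: bytes) -> str:
    """Nibble-swapped BCD: the low nibble of each byte is the earlier digit;
    0xF nibbles are padding and are skipped."""
    digits = []
    for b in data:
        for nib in (b & 0x0F, b >> 4):
            if nib == 0xF:
                continue
            if nib > 9:
                raise ValueError(f"non-BCD nibble {nib:#x}")
            digits.append(str(nib))
    return "".join(digits)


def luhn_valid(digits: str) -> bool:
    """Luhn check over a full ICCID (last digit is the check digit); a failure
    points to a misread or partially overwritten file rather than a real ICCID."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def decode_iccid(raw: bytes) -> str:
    """EF_ICCID (2FE2): 10 bytes of swapped BCD, F-padded at the end."""
    if len(raw) != 10:
        raise ValueError("EF_ICCID must be exactly 10 bytes")
    return swapped_bcd(raw)


def decode_imsi(raw: bytes) -> str:
    """EF_IMSI (6F07): a length byte, then swapped BCD whose very first (low)
    nibble is a parity marker rather than an IMSI digit."""
    if len(raw) != 9 or not 1 <= raw[0] <= 8:
        raise ValueError("EF_IMSI must be 9 bytes with a length byte of 1..8")
    body = raw[1:1 + raw[0]]
    first_digit = body[0] >> 4          # digit 1 is the high nibble of byte 2
    return str(first_digit) + swapped_bcd(body[1:])


def decode_adn_record(record: bytes) -> dict:
    """One record of EF_ADN / EF_FDN / EF_MSISDN: alpha identifier (record
    length minus 14 bytes, 0xFF padded), BCD length, TON/NPI byte, a 10-byte
    swapped-BCD number, then the CCP and EXT1 record pointers."""
    if len(record) < 14:
        raise ValueError("ADN-type record must be at least 14 bytes")
    alpha_len = len(record) - 14
    # Assumption: the name is in the GSM 7-bit default alphabet, whose plain
    # letters and digits coincide with ASCII; anything else is replaced.
    name = record[:alpha_len].rstrip(b"\xff").decode("ascii", errors="replace")
    bcd_len, ton_npi = record[alpha_len], record[alpha_len + 1]
    if bcd_len == 0xFF:                 # unused record, no number stored
        return {"name": name, "number": None, "international": False}
    number = swapped_bcd(record[alpha_len + 2:alpha_len + 1 + bcd_len])
    international = (ton_npi >> 4) & 0x7 == 1   # type of number 001
    return {"name": name, "international": international,
            "number": ("+" if international else "") + number}


# Constructed sample contents (not taken from any real card): the ICCID is a
# made-up number with a valid Luhn digit, the IMSI uses the 001/01 test PLMN.
SAMPLE_ICCID = bytes.fromhex("981310000021436587F8")        # 8931010000123456788
SAMPLE_IMSI = bytes.fromhex("080910101032547698")           # 001010123456789
SAMPLE_ADN = (b"Alice" + b"\xff" * 5                        # 10-byte alpha id
              + bytes([0x07, 0x91])                         # BCD length, TON/NPI
              + bytes.fromhex("1316325476F8FFFFFFFF")       # +31612345678
              + b"\xff\xff")                                # CCP id, EXT1 id

if __name__ == "__main__":
    iccid = decode_iccid(SAMPLE_ICCID)
    print("2FE2 ICCID:", iccid, "Luhn ok:", luhn_valid(iccid))
    print("6F07 IMSI:", decode_imsi(SAMPLE_IMSI))
    print("6F3A record:", decode_adn_record(SAMPLE_ADN))
```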

See also


Key benefits

  • Acquire in-depth knowledge of mobile device acquisition using modern forensic tools
  • Understand the importance of clouds for mobile forensics and learn how to extract data from them
  • Discover advanced data extraction techniques that will help you to solve forensic tasks and challenges

Description

Considering the emerging use of mobile phones, there is a growing need for mobile forensics. Mobile forensics focuses specifically on performing forensic examinations of mobile devices, which involves extracting, recovering and analyzing data for the purposes of information security, criminal and civil investigations, and internal investigations. Mobile Forensics Cookbook starts by explaining SIM cards acquisition and analysis using modern forensics tools. You will discover the different software solutions that enable digital forensic examiners to quickly and easily acquire forensic images. You will also learn about forensics analysis and acquisition on Android, iOS, Windows Mobile, and BlackBerry devices. Next, you will understand the importance of cloud computing in the world of mobile forensics and understand different techniques available to extract data from the cloud. Going through the fundamentals of SQLite and Plists Forensics, you will learn how to extract forensic artifacts from these sources with appropriate tools. By the end of this book, you will be well versed with the advanced mobile forensics techniques that will help you perform the complete forensic acquisition and analysis of user data stored in different devices.

What you will learn

  • Retrieve mobile data using modern forensic tools
  • Work with Oxygen Forensics for Android devices acquisition
  • Perform a deep dive analysis of iOS, Android, Windows, and BlackBerry Phone file systems
  • Understand the importance of cloud in mobile forensics and extract data from the cloud using different tools
  • Learn the application of SQLite and Plists Forensics and parse data with digital forensics tools
  • Perform forensic investigation on iOS, Android, Windows, and BlackBerry mobile devices
  • Extract data both from working and damaged mobile devices using JTAG and Chip-off Techniques

Table of Contents

18 Chapters
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
1. SIM Card Acquisition and Analysis
2. Android Device Acquisition
3. Apple Device Acquisition
4. Windows Phone and BlackBerry Acquisition
5. Clouds are Alternative Data Sources
6. SQLite Forensics
7. Understanding Plist Forensics
8. Analyzing Physical Dumps and Backups of Android Devices
9. iOS Forensics
10. Windows Phone and BlackBerry Forensics
11. JTAG and Chip-off Techniques

